Bug 548894 - Enhance product builder to sign windows launchers
Summary: Enhance product builder to sign windows launchers
Status: NEW
Alias: None
Product: PDE
Classification: Eclipse Project
Component: Build (show other bugs)
Version: 4.13   Edit
Hardware: PC Windows 7
: P3 enhancement (vote)
Target Milestone: ---   Edit
Assignee: pde-build-inbox CLA
QA Contact:
URL:
Whiteboard:
Keywords: helpwanted
Depends on:
Blocks: 548443 548893
  Show dependency tree
 
Reported: 2019-07-03 02:19 EDT by Sravan Kumar Lakkimsetti CLA
Modified: 2020-10-01 14:39 EDT (History)
6 users (show)

See Also:

Attachments
Sample application (216.88 KB, application/x-zip-compressed)
2019-07-04 04:42 EDT, Sravan Kumar Lakkimsetti CLA 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sravan Kumar Lakkimsetti CLA 2019-07-03 02:19:56 EDT 
Windows launchers needs to be signed once the icon replacement is done. 
pde can use signing service described here https://wiki.eclipse.org/IT_Infrastructure_Doc#CBI_Maven_signing_plugin
Comment 1 Vikas Chandra CLA 2019-07-03 04:43:03 EDT 
What are the steps to recreate this in PDE?
Comment 2 Sravan Kumar Lakkimsetti CLA 2019-07-03 05:34:50 EDT 
(In reply to Vikas Chandra from comment #1)
> What are the steps to recreate this in PDE?

Since this is enhancement there are no reproducible steps to recreate.

Take an example rcp project and export it using product configuration. In the repository generated you'll see binary folder this contains executables in zip format containing eclipse.exe and eclipsec.exe. These needs to be signed.
Comment 3 Sravan Kumar Lakkimsetti CLA 2019-07-04 04:42:00 EDT 
Created attachment 279174 [details]
Sample application

Open TestAppFeature project. 
Export product to generate repository

Verify the executable in repo/binary. it will say signature not valid.
Comment 4 Vikas Chandra CLA 2019-07-31 07:59:05 EDT 
Worked with Sravan on couple of approaches

1) BrandingIron from pde.build calls p2.publisher and p2.publisher.eclipse and there the signing is removed. Tried running "curl" command from code (hit few roadblocks) - also not a good way and also not sure if that would actually work in the nightly build eclipse case.

2) Jar signing code flow - ModelBuildScriptGenerator::setSignJars seems to sign the jar. However with the attached application, that code flow is not taken. 

For this case, more investigation is required and how the nightly build calls pde.build/p2.publisher/p2.publisher.eclipse needs to be more clear for getting a solution.

It'll be helpful if someone who has some expertise in this area can comment or provide inputs.
Comment 5 Vikas Chandra CLA 2019-08-20 05:08:01 EDT 
Sent email here - https://www.eclipse.org/lists/cross-project-issues-dev/msg16903.html

But no response.
Comment 6 Dani Megert CLA 2019-10-16 08:43:22 EDT 
Sravan, Vikas, what's the status and further plan here?
Comment 7 Dani Megert CLA 2020-04-01 03:38:48 EDT 
I've removed the 'plan' keyword because no target milestone was set. A plan bug must always have a target milestone.

If you consider to set the 'plan' keyword again, make sure that the target milestone must match the release where it was originally planned. If the work was not finished, a follow-up plan bug for the next release must be created and the old one left in the NEW state. Not doing so would destroy the initial plan. The plan must reflect what has been delivered and what not.

Also, please make sure that you only tag root/top-level bugs with 'plan'. Bug fixes or simple things must not get the 'plan keyword.
Comment 8 Eclipse Genie CLA 2020-04-28 01:59:56 EDT 
New Gerrit change created: https://git.eclipse.org/r/161625
Comment 9 Dani Megert CLA 2020-04-30 08:48:58 EDT 
Can we target this for 4.16? Vikas or Sravan, one of you needs to own this bug.
Comment 10 Andrew Thomas CLA 2020-10-01 14:39:20 EDT 
Is there a way to turn off signing windows launchers in the PDE build?